October - 2005 - issue > Cover Feature
Wireless Security
Praphul Chandra
Monday, November 17, 2008
“Tumbling prices and a fivefold increase in volumes of wireless LAN chipsets is expected to create a market worth $1 billion a year by 2007,” according to the latest Unstrung Insider report, Wireless LAN Chipsets.

“On a short trip in London’s financial district, two-thirds of the networks we discovered using a laptop and free software tools were found to be wide-open” - BBC News.
“We came across a company with one of these wireless networks. All their source code, everything was available. This network was beckoning, ‘log onto me’...It basically had its Rolls-Royce parked in the driveway, engine running, with a sign saying ‘steal me.’” - Thubten Comberford of White Hat Technologies, a wireless security firm.

Bottom line: wireless LANs could broadcast the secrets of enterprises that spend millions on Internet security. Wireless security has become a serious business requirement today. Until 2002-2003, many companies delayed wireless deployment until the networking industry had secured wireless networks just like wire-line networks.

The Importance of Wireless Security
Why is wireless security such a big issue? After all, wire-line networks never had to cross the security hurdle to see wide-scale deployment. The answer is inherent in the question.

The wireless medium, by its very nature, can’t be contained. Wire-line networks could be physically contained by ensuring that rogue nodes did not have access to the medium (the wires), and companies were willing to deploy wire-line networks on that basis. This is not to say that wire-line networks did not have to cross the security hurdle. With the advent of the Internet and the need to transmit data over insecure networks, security in wire-line networks became a necessity. For wireless networks, however, this requirement has to be met at a much earlier stage because of the insecure nature of the medium.

The wireless medium is so open to attacks that today’s wireless networks can be accessed by using a laptop and an empty cola can. The cola can acts as an antenna, providing a tap (a wireless network scanner/sniffer) into the medium. The easy access to wireless networks has given rise to the practice of “war-driving”: driving in a car with a laptop and some sort of antenna, looking for open networks. Surprisingly, this practice is widespread, especially in Europe, where the wireless market is more widespread than in North America.

What is 802.11?
Enterprise wireless networks have come to be synonymous with IEEE’s 802.11 standard. The 802.11 standard is a suite of protocols defining an Ethernet-like communication channel using radios instead of wires. Such networks are referred to as Wireless Local Area Networks (WLANs), and the technology is called Wi-Fi. WLANs allow users to connect to a network without wires. Simply put, 802.11 is Ethernet without the wires. Just as we use Ethernet to form wired Local Area Networks, we can use 802.11 to create WLANs.

The 802.11 standard specifies protocols for the physical (PHY) and media access control (MAC) layers of the Open Systems Interconnection (OSI) stack. Multiple variations of the 802.11 standard define different PHY layers. The first release of 802.11 in 1997 specified a unified MAC layer and three separate PHY layers that provided data rates of 1 to 2 Mbps. Since then, the standard has been enhanced to support higher data rates: for example, 802.11b and 802.11g operate in the 2.4 GHz spectrum to reach data rates of up to 11 Mbps and 54 Mbps respectively, whereas 802.11a operates in the 5.2 GHz range to reach data rates of up to 54 Mbps. Figure 2 clarifies the 802.11 “alphabet soup.”

The Evolution of 802.11 Security
The security architecture and protocol specified in the original 802.11 standard was known as Wired Equivalent Privacy (WEP). It provided authentication, confidentiality and data integrity in 802.11 networks. However, WEP had too many loopholes. The ease with which WEP-secured networks could be compromised encouraged the emergence of a suite of free/open-source software tools used to “hack” into wireless networks, thus compromising the security of the whole enterprise network. This also encouraged the practice of war-driving and discouraged many companies from deploying WiFi networks.

After the loopholes in WEP, the original 802.11 security standard, were exposed, the IEEE formed Task Group i (802.11i) with the aim of improving the security of 802.11 networks. The security proposal specified by Task Group i is known as 802.11i and is much stronger than WEP. With 802.11i, WiFi networks are now considered to be secure enough for enterprise deployment. However, the use of the Advanced Encryption Standard (AES) in 802.11i presents an obstacle: AES requires a powerful hardware engine that is absent from the old 802.11 hardware that has already been deployed. This meant that there was also a need for a security solution that could operate on existing, already-deployed hardware.

This was a pressing need for 802.11 equipment vendors, and thus the Wi-Fi Alliance came into the picture. To improve 802.11 network security without a hardware upgrade, the Wi-Fi Alliance adopted the Temporal Key Integrity Protocol (TKIP) as the security standard to be deployed for Wi-Fi certification. This form of security has therefore come to be known as Wi-Fi Protected Access (WPA). WPA is a pre-standard subset of 802.11i (which is known as WPA2). It includes the key management and authentication architecture (802.1X) specified in 802.11i, but instead of using AES to provide confidentiality and integrity, WPA uses TKIP and MICHAEL respectively.

Conclusion
To summarize, WPA is a security solution designed to be available as a software upgrade for existing WiFi networks. It is not as robust or secure as 802.11i but it is still a much better solution than the original WEP. Companies with existing WiFi networks may consider WPA as a short-term solution but in the long run, most companies should upgrade to new WiFi networks capable of supporting 802.11i.

Praphul Chandra is the author of "Bulletproof Wireless Security - GSM, UMTS, 802.11 and Ad Hoc Security." He works for Texas Instruments. He is currently working on his second book, which will be about Wi-Fi.